CES 2007: Keep the bad guys away with full disk encryption

Posted January 7, 2007 - 19:55
by Humphrey Cheung

Las Vegas (NV) - You trust your hard drive to always serve up your data, but how do you keep the data away from the bad guys? Seagate seems to have an answer with an upcoming drive with full disk encryption. The drive works by signing data with encryption keys and by injecting additional code into a compatible computer equipped with a Trusted Platform Module (TPM). At the Storage Visions Conference at the Flamingo Hotel in Las Vegas, Seagate engineer Dr. Robert Thibadeau explained how the drive works.

Dr. Thibadeau held up the prototype drive, which was announced in October 2006, and exclaimed that it becomes a useless "brick" if you change and forget the encryption keys. The drive has a one-time enrollment in which a public and private key pair is made and transferred to the TPM chips. Afterwards, data packets are appended with a random number that is then signed with the private key. The public key on the computer end unscrambles the data. "This is a very simple process that doesn't require user interaction," said Dr. Thibadeau.

Without the proper encryption keys, computer users will not be able to read or write data to the drive. Luckily, users will not need to remember a long string of letters and numbers; instead, they will make a password during the enrollment step to access the key.

Dr. Thibadeau said the drive should be just as fast as traditional drives and can be securely erased in just milliseconds. "This allows for instant secure erase," said Thibadeau. Basically, you change the encryption key and walk away. While this isn't a traditional erase, because the data is still on the drive, the contents are scrambled and worthless without the keys. After such an erase, the laptop can be reformatted and given to another employee or a charitable organization.
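The "change the key and walk away" erase described above can be sketched in a few lines; this is an added illustration, not Seagate's design or code from the talk. It assumes a single symmetric media key wrapped under a key derived from the enrollment password (rather than the key pair the article describes), and `ToyDrive` with its toy SHA-256 keystream is a hypothetical stand-in for the drive's real cipher.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream: illustration only, not a secure cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class ToyDrive:  # hypothetical model of a self-encrypting drive
    def __init__(self, password):
        self.sectors = {}  # sector number -> ciphertext as stored on the media
        self._enroll(password, os.urandom(32))

    def _enroll(self, password, media_key):
        # Store only the media key wrapped under a password-derived key.
        self.salt = os.urandom(16)
        kek = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        self.wrapped = _xor_stream(kek, b"wrap", media_key)
        self.check = hmac.new(media_key, b"check", "sha256").digest()

    def _unlock(self, password):
        kek = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        media_key = _xor_stream(kek, b"wrap", self.wrapped)
        tag = hmac.new(media_key, b"check", "sha256").digest()
        if not hmac.compare_digest(tag, self.check):
            raise PermissionError("wrong password, or the key was replaced")
        return media_key

    def write(self, password, lba, data):
        self.sectors[lba] = _xor_stream(self._unlock(password), lba.to_bytes(8, "big"), data)

    def read(self, password, lba):
        return _xor_stream(self._unlock(password), lba.to_bytes(8, "big"), self.sectors[lba])

    def crypto_erase(self, new_password):
        # Replace the media key: the ciphertext stays put but can no longer be decrypted.
        self._enroll(new_password, os.urandom(32))

def demo():
    drive = ToyDrive("old-owner-pw")
    drive.write("old-owner-pw", 7, b"SSN 000-00-0000 (constructed)")
    before = drive.read("old-owner-pw", 7)
    raw = drive.sectors[7]
    drive.crypto_erase("new-owner-pw")  # one small key update, no sector is rewritten
    after = drive.read("new-owner-pw", 7)
    return before, raw, after, drive.sectors[7] == raw
```

The erase touches only the stored key material, which is why it takes the same time whatever the drive's capacity; the old ciphertext is still physically present, as the article notes.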

Multiple partitions, with different key pairs, can be set up on the drive. For example, you could have three partitions, one each for the day, mid and graveyard shifts of a company. In addition, "Secure Partitions" that users cannot access could be made for applications to store extremely sensitive information such as Social Security numbers, software licenses or digital cash. Of course, this could possibly allow movie companies to load up hard drives with movies and then charge money for you to unlock them.

The National Security Agency sent their Senior Engineer David Kreft to the conference. Kreft told the audience that encryption keys could solve an unforeseen problem with cheap, reliable hard drives. "At some point in time, you need to make the data go away," said Kreft.

Of course, trusted storage goes both ways: it can keep the bad guys out, but it can also lock you out if you lose your encryption keys. But Kreft didn't see this as a necessarily bad thing: "If you lose that key, you won't be able to access data, but no one else will. In some cases, that has merit." Of course, we kinda expected an NSA guy to say that.